2012/2/14 Bhargava Shastry <bshas****@gmail*****>:
>> Yes, there is.
>>
>> If you give lines like "delete file read ..." to ccs-loadpolicy -d,
>> "file read ..." access permissions will be revoked.
>
>
> Thanks. But is there a more efficient way of deleting all access control
> rules associated with a file with a single delete command? Let's say
> /data/app1/file1.txt has a file read policy line and a file write policy
> line and that when file1.txt is deleted, we would like to purge all policy
> lines associated with the file. Do TOMOYO's internal data structures
> contain a mapping of file to access control rights which can later be purged
> on delete?

TOMOYO makes decisions based on the subject (process). You can delete a domain by writing "delete name-of-the-domain" to /proc/ccs/domain_policy, create a new domain by writing "name-of-the-new-domain-you-want", and delete individual access permissions by writing "select name-of-the-domain" following "delete file read...". But TOMOYO has neither an interface nor data structures to do what you want. You can, of course, write a program that finds file1.txt in the current policy and composes the requests as a combination, not efficient though.

Best regards,
Toshiharu Harada harad****@gmail*****
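The "program that finds file1.txt from the current policy and composes the requests" described in the reply above, as an added example that is not part of the original thread or of TOMOYO itself. It assumes the TOMOYO 1.8-style domain_policy layout (a domain header line beginning with "<kernel>", followed by "use_profile" and ACL lines such as "file read /path"); the sample policy is constructed inline so the script runs without a TOMOYO kernel.

```shell
#!/bin/sh
# Added example: for every ACL line in a TOMOYO domain policy that names a
# given path, emit "select <domain>" followed by "delete <acl line>", the
# request sequence the reply above says /proc/ccs/domain_policy accepts.
# Assumption: 1.8-style layout where each domain starts with a "<kernel>" line.

# Constructed sample standing in for the contents of /proc/ccs/domain_policy.
SAMPLE_POLICY='<kernel> /usr/sbin/app1
use_profile 3
file read /data/app1/file1.txt
file write /data/app1/file1.txt
file read /etc/app1.conf

<kernel> /usr/sbin/app2
use_profile 3
file read /data/app1/file1.txt
file write /data/app2/log.txt
'

# compose_purge_requests PATH  (policy text on stdin)
# Prints one "select <domain>" per domain that references PATH, then a
# "delete ..." line for each ACL line in that domain naming PATH exactly.
compose_purge_requests() {
    awk -v target="$1" '
        # A domain header starts a new domain; remember it, nothing to delete yet.
        /^<kernel>/ { domain = $0; selected = 0; next }
        {
            # Match the target as a whole token, never as a substring, so
            # /data/app1/file1.txt does not also purge /data/app1/file1.txt.bak.
            for (i = 1; i <= NF; i++) {
                if ($i == target) {
                    if (!selected) { print "select " domain; selected = 1 }
                    print "delete " $0
                    break
                }
            }
        }'
}

# Helper returning the number of request lines generated for PATH.
count_requests() {
    printf '%s' "$SAMPLE_POLICY" | compose_purge_requests "$1" | wc -l | tr -d ' '
}

# On a live system the same pipeline would read the real policy, e.g.
#   compose_purge_requests /data/app1/file1.txt < /proc/ccs/domain_policy
# and its output would be written back to /proc/ccs/domain_policy.
printf '%s' "$SAMPLE_POLICY" | compose_purge_requests /data/app1/file1.txt
```

Review the generated "select"/"delete" lines before applying them, since each one revokes a permission the named domain currently relies on.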